The present invention is directed, in general, to wireless networks and, more specifically, to a system for performing secure over-the-air (OTA) provisioning of cellular phone handsets and other mobile devices.
Reliable predictions indicate that there will be over 300 million cellular telephone customers worldwide by the year 2000. Within the United States, cellular service is offered by cellular service providers, by the regional Bell companies, and by the national long distance operators. The enhanced competition has driven the price of cellular service down to the point where it is affordable to a large segment of the population.
The current generation of cellular phones is used primarily for voice conversations between a subscriber handset (or mobile station) and another party through the wireless network. A smaller number of mobile stations are data devices, such as personal computers (PCs) equipped with cellular/wireless modems. Because the bandwidth for a current generation mobile station is typically limited to a few tens of kilobits per second (Kbps), the applications for the current generation of mobile stations are relatively limited. However, this is expected to change in the next (or third) generation of cellular/wireless technology, sometimes referred to as “3G” wireless/cellular, where a much greater bandwidth will be available to each mobile station (i.e., 125 Kbps or greater). The higher data rates will make Internet applications for mobile stations much more common. For instance, a 3G cell phone (or a PC with a 3G cellular modem) may be used to browse web sites on the Internet, to transmit and receive graphics, to execute streaming audio and/or video applications, and the like. In sum, a much higher percentage of the wireless traffic handled by 3G cellular systems will be Internet protocol (IP) traffic and a lesser percentage will be traditional voice traffic.
In order to make wireless services as convenient and as affordable as possible, wireless service providers frequently sell cellular handsets (or other types of mobile stations) directly to potential subscribers from display booths in supermarkets and department stores. Simple instructions are provided to guide the buyer through the process of activating the cellular handset and signing up for wireless services to become a subscriber. In conventional cellular systems, the handset buyer activates the new handset and signs up for service by dialing “*228xx” on the handset keypad in accordance with the handset instructions. The value of “xx” varies according to the identity of the wireless service provider that sells the handset.
Although initially unprovisioned, the new handset must, of necessity, have certain minimum radio frequency (RF) communication capabilities that enable the handset to become provisioned. Dialing “*228xx” on the handset keypad automatically initiates a special purpose call that connects the handset buyer to an operator. The operator requests certain account information from the buyer, such as personal information, a credit card number, home billing address, and the like. When the account information is collected and the account is set up, the operator instructs the handset buyer to enter several sequences of passwords, code numbers, menu-selected commands, and the like, that enable certain functions in the handset.
This process is frequently referred to as “service provisioning.” Service provisioning may activate in the cellular handset a Number Assignment Module (NAM), which gives the handset a unique phone number for incoming calls and provides a roaming capability by identifying approved wireless carriers. Service provisioning may also activate in the handset a Preferred Roaming List (PRL), which is a list of frequencies/bands owned by each carrier in each geographical region and which may identify preferred and/or prohibited frequencies in each region as well. Service provisioning also activates an authentication code, sometimes referred to as an “A-key,” in the cellular handset. The handset uses the A-key to authenticate the handset when the subscriber attempts to access the wireless network.
The wireless network uses a home location register (HLR) to store the A-key, the phone number, the roaming capability information, and other data related to each handset that has been or is being authenticated and provisioned by the wireless network. The HLR is a permanent database used by the wireless service provider to identify/verify a subscriber and store individual subscriber data related to features and services. The subscriber's wireless service provider uses the HLR data when the subscriber is accessing the wireless network in the subscriber's home coverage area. Other wireless service providers also use the HLR data (typically accessed via wireline telephone networks) when the subscriber roams outside the subscriber's home coverage area.
The conventional provisioning process described above has numerous drawbacks. A human operator must talk the user through the process of pressing keys and verifying screen results. This is time consuming and frequently results in errors, particularly with unsophisticated subscribers. Mistakes may go unnoticed initially and the subscriber may become frustrated that the cellular service does not operate as advertised. When the mistake is finally diagnosed, the provisioning process may need to be at least partially re-performed. The human operator also adds labor costs to the provisioning process.
It would be preferable to automate cellular service provisioning to the greatest extent possible in order to reduce labor costs, eliminate errors, and make the process more user-friendly by minimizing or eliminating subscriber interaction. In particular, it would be more convenient to perform at least part of the over-the-air (OTA) cellular service provisioning process by accessing a provisioning server from an unprovisioned handset via an Internet connection. The 3G systems will make OTA service provisioning of handsets easier and more common.
However, OTA service provisioning of a handset presents serious security problems for the wireless service provider, particularly with respect to fraud. The base station that handles the initial set-up data call from an unprovisioned handset may not store the required provisioning data. Instead, base stations typically access provisioning data from one or more provisioning servers within the wireless service provider's network and which may or may not be accessible by an intranet or by the Internet. Many wireless service providers operate clusters of base stations that are not directly connected to each other, but rather are connected to the local Bell telephone companies and/or to the major long-distance carriers. Without an Internet or intranet connection, each cluster of base stations would require its own provisioning server. Alternatively, a wireless carrier would have to pay the local Bell companies and/or a long distance company additional line fees to connect the base stations to the provisioning server.
Using an Internet connection allows a wireless service provider to consolidate all service provisioning applications and data in a central repository, rather than maintaining at great expense redundant copies of such information among a large number of provisioning servers. However, it is foreseeable that a sophisticated user could use an unprovisioned handset (possibly with some minor modifications) to access a wireless network under the guise of service provisioning and then use the wireless network to access any IP address on the Internet, not just the IP address of the provisioning server. In effect, the user could defraud the wireless service provider by using the unprovisioned handset to surf the Internet for free.
This problem exists for several reasons. First, IP addresses of other services are freely known to the public. Second, conventional wireless networks do not provide a method or an apparatus capable of blocking access to unauthorized IP addresses that is triggered by the network's knowledge that the mobile is unprovisioned. Third, even if the network provides the mobile with an IP address to be used for provisioning, the mobile must be trusted to use that IP address only.
Therefore, there is a need in the art for improved systems and methods for performing automatic service provisioning of wireless handsets (and other types of mobile stations). In particular, there is a need in the art for systems and methods for performing secure over-the-air provisioning of wireless devices. More particularly, there is a need for systems and methods that are capable of preventing unauthorized persons from using an unprovisioned handset or other type of mobile station to browse the Internet.
To address the above-discussed deficiencies of the prior art, it is a primary object of the present invention to provide, for use in a wireless network comprising a plurality of base stations, each of the base stations capable of communicating with a plurality of mobile stations, a provisioning system capable of provisioning unprovisioned ones of the plurality of mobile stations and preventing the unprovisioned mobile stations from accessing an Internet protocol (IP) data network through the wireless network. In an advantageous embodiment of the present invention, the provisioning system comprises a provisioning controller capable of retrieving provisioning data from a provisioning server associated with the IP data network and causing a first one of the plurality of base stations to transmit the retrieved provisioning data to a first unprovisioned mobile station in a first traffic channel established between the first base station and the first unprovisioned mobile station.
In one embodiment of the present invention, the provisioning controller is capable of converting the retrieved provisioning data from an IP data packet format to a data burst message format suitable for transmission in the first traffic channel.
In another embodiment of the present invention, the provisioning controller is further capable of receiving user-generated provisioning data from the first unprovisioned mobile station in a data burst message transmitted to the first base station in a second traffic channel established between the first base station and the first unprovisioned mobile station.
In still another embodiment of the present invention, the provisioning controller is capable of converting the received user-generated provisioning data from a data burst message format to an IP data packet format suitable for transmission in the IP data network to the provisioning server.
In yet another embodiment of the present invention, the provisioning controller is capable of determining that the unprovisioned mobile station is unprovisioned and, in response to the determination, is capable of establishing a call connection via a public telecommunications network between the first base station and an operator station capable of initiating a provisioning operation that provisions the unprovisioned mobile station.
In a further embodiment of the present invention, the provisioning controller is capable of receiving from the operator station a provisioning enable signal, where the provisioning enable signal causes the provisioning controller to retrieve the provisioning data from the provisioning server.
In a still further embodiment of the present invention, the provisioning controller determines that the unprovisioned mobile station is unprovisioned according to a unique telephone number dialed by a user of the unprovisioned mobile station.
In a yet further embodiment of the present invention, the provisioning system further comprises an authentication controller coupled to the provisioning controller and capable of authenticating the unprovisioned mobile station in the wireless network, wherein the provisioning controller determines that the unprovisioned mobile station is unprovisioned if the authentication controller sends a signal to the provisioning controller indicating that the unprovisioned mobile station failed to properly authenticate.
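The gateway behaviour summarized in the embodiments above, as an added Python example that is not code from the patent: the controller, not the handset, chooses the IP destination, so the handset never has to be trusted to use the provisioning address only. All class and field names, the addresses, the dial string and the message layout are hypothetical, and dropping every raw IP packet from an unprovisioned mobile is one reading of the summary.

```python
from dataclasses import dataclass

SERVER_IP = "192.0.2.10"      # constructed provisioning-server address (documentation range)
CONTROLLER_IP = "192.0.2.1"   # constructed address of the controller itself
PROVISIONING_DIAL = "*22899"  # constructed instance of the "*228xx" pattern

@dataclass(frozen=True)
class DataBurst:              # hypothetical traffic-channel message: no address fields
    mobile_id: str
    payload: bytes

@dataclass(frozen=True)
class IpPacket:
    src: str
    dst: str
    payload: bytes

class ProvisioningController:
    def __init__(self, authenticate):
        self.authenticate = authenticate   # callable(mobile_id) -> bool
        self.unprovisioned = set()         # mobiles currently in a provisioning session

    def admit(self, mobile_id, dialed):
        """Mark a mobile unprovisioned if it dialed the provisioning number or failed authentication."""
        if dialed == PROVISIONING_DIAL or not self.authenticate(mobile_id):
            self.unprovisioned.add(mobile_id)
        return mobile_id in self.unprovisioned

    def forward_ip(self, mobile_id, packet):
        """Raw IP from an unprovisioned mobile is dropped, whatever its destination."""
        return None if mobile_id in self.unprovisioned else packet

    def uplink(self, burst):
        """Data burst -> IP packet; the destination is fixed by the controller."""
        if burst.mobile_id not in self.unprovisioned:
            raise PermissionError("no provisioning session for this mobile")
        return IpPacket(CONTROLLER_IP, SERVER_IP, burst.payload)

    def downlink(self, packet, mobile_id):
        """IP packet -> data burst, accepted only from the provisioning server."""
        if packet.src != SERVER_IP or mobile_id not in self.unprovisioned:
            return None
        return DataBurst(mobile_id, packet.payload)
```

Because `DataBurst` carries no address field, a modified handset has nothing to tamper with that would redirect its traffic away from the provisioning server.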
The foregoing has outlined rather broadly the features and technical advantages of the present invention so that those skilled in the art may better understand the detailed description of the invention that follows. Additional features and advantages of the invention will be described hereinafter that form the subject of the claims of the invention. Those skilled in the art should appreciate that they may readily use the conception and the specific embodiment disclosed as a basis for modifying or designing other structures for carrying out the same purposes of the present invention. Those skilled in the art should also realize that such equivalent constructions do not depart from the spirit and scope of the invention in its broadest form.
Before undertaking the DETAILED DESCRIPTION OF THE INVENTION, it may be advantageous to set forth definitions of certain words and phrases used throughout this patent document: the terms “include” and “comprise,” as well as derivatives thereof, mean inclusion without limitation; the term “or,” is inclusive, meaning and/or; the phrases “associated with” and “associated therewith,” as well as derivatives thereof, may mean to include, be included within, interconnect with, contain, be contained within, connect to or with, couple to or with, be communicable with, cooperate with, interleave, juxtapose, be proximate to, be bound to or with, have, have a property of, or the like; and the term “controller” means any device, system or part thereof that controls at least one operation, such a device may be implemented in hardware, firmware or software, or some combination of at least two of the same. It should be noted that the functionality associated with any particular controller may be centralized or distributed, whether locally or remotely. Definitions for certain words and phrases are provided throughout this patent document, those of ordinary skill in the art should understand that in many, if not most instances, such definitions apply to prior, as well as future uses of such defined words and phrases.